Pale Moon forum

Hi,

I love PM on my Desktop and how lightweight it is. First found the browser by checking to see if anyone had updated the old FOXSCAPE theme, and someone had forked it to Pale Moon. I shifted over, and seeing how lightweight the browser is while still using the best privacy and security add-ons, I won't be moving back.

That being said, I really like Pale Moon and would like to use it for Android due to the Sync feature. However, I know that the browser has been discontinued and is vulnerable to security issues with its continued use.

If I choose to continue using Pale Moon for Android, what are the theoretical risks I'm taking? Are any of them mitigated by using specific add-ons like uMatrix and uBlock to block scripts and the like? I read on here that uMatrix is compatible with Pale Moon, but I can't find the add-on file to add it to PM for Android.

Any help would be appreciated, thank you.

Baloo wrote:I read on here that uMatrix is compatible with Pale Moon, but I can't find the add-on file to add it to PM for Android.

I'm running uBlock Origin 1.11.4 on Pale Moon Android (wouldn't install the latest version).
If you open a tab on the Pale Moon for Android start page and scroll to the bottom, there's a link to "Browse all Pale Moon add-ons" - which actually takes you to the Firefox for Android add-on site. I had to request the desktop version of this to select and install extensions (to get around an error warning on the mobile page).

I'll leave someone more knowledgeable to comment on the general security risks.

I am using 360 security for my Android device. It's working superb. Though this isn't an add-ons. This is a software to removed virus/maleware.

You dont need any AV on Android. Also AV on android make your system even more vulnerable

dark_moon wrote:You dont need any AV on Android. Also AV on android make your system even more vulnerable

Please don't state this. Malware on Android is a major issue.

A quick search will give you a few interestign articles to educate yourself on the matter: https://duckduckgo.com/?t=palemoonsp&q= ... ses&ia=web

Moonchild wrote:

dark_moon wrote:You dont need any AV on Android. Also AV on android make your system even more vulnerable

Please don't state this. Malware on Android is a major issue.

A quick search will give you a few interestign articles to educate yourself on the matter: https://duckduckgo.com/?t=palemoonsp&q= ... ses&ia=web

The day Android malware can install itself without user intervention is the day you need a regular anti virus scanning in the background.
Any app on Android requires user interaction to be installed in the first place, or to request permissions. Shady third party app stores, and ones that offer pirated versions of paid software are the more likely vectors. Even on Play Store, it pays to look at user reviews and names of developers of apps before installing them, or to stick to popular ones.

tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.

moonbat wrote:

Moonchild wrote:

dark_moon wrote:You dont need any AV on Android. Also AV on android make your system even more vulnerable

Please don't state this. Malware on Android is a major issue.

A quick search will give you a few interestign articles to educate yourself on the matter: https://duckduckgo.com/?t=palemoonsp&q= ... ses&ia=web

The day Android malware can install itself without user intervention is the day you need a regular anti virus scanning in the background.
Any app on Android requires user interaction to be installed in the first place, or to request permissions. Shady third party app stores, and ones that offer pirated versions of paid software are the more likely vectors. Even on Play Store, it pays to look at user reviews and names of developers of apps before installing them, or to stick to popular ones.

tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.

This!

moonbat wrote:tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.

Excuse me but this is the case for EVERY operating system; android is no different than Linux or Windows or Mac OS in that case.
The days of drive-by download-and-install are long gone, regardless of OS (unless you're clueless in the respect that you still run on an not-updated Windows XP or something similar obsolete and insecure).

Most malware comes either piggy-backed with other applications or is explicitly installed by the user with their full knowledge that they are installing something, just not realizing that they are installing something dangerous. Or suffering from "confirmation fatigue" and clicking through the installation dialogues without checking what it says.

Moonchild wrote:

moonbat wrote:tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.

Excuse me but this is the case for EVERY operating system; android is no different than Linux or Windows or Mac OS in that case.
The days of drive-by download-and-install are long gone, regardless of OS (unless you're clueless in the respect that you still run on an not-updated Windows XP or something similar obsolete and insecure).

Most malware comes either piggy-backed with other applications or is explicitly installed by the user with their full knowledge that they are installing something, just not realizing that they are installing something dangerous. Or suffering from "confirmation fatigue" and clicking through the installation dialogues without checking what it says.

I'm not singling out Android - I'm saying this class of malware is non existent for power users who follow safe best practices - don't download software from dodgy sites, and keep your eyes open when installing or clicking on anything.
On the Play Store, stick to popular apps, make sure the developer name is consistent with what you would expect (to avoid adware masquerading as legit apps with identical icons) and read user reviews before installing.
Being prudent will keep you safe regardless of what platform you use or how vulnerable it is - once it's established that drive-by/silent malware installation security holes are non existent.

Difficult? So is driving a car. Computers and the internet have been around for a quarter century now, there is no excuse for remaining clueless about these things when even the mainstream press covers security holes and steps to stay safe.

Falna wrote:

Baloo wrote:I read on here that uMatrix is compatible with Pale Moon, but I can't find the add-on file to add it to PM for Android.

I'm running uBlock Origin 1.11.4 on Pale Moon Android (wouldn't install the latest version).
If you open a tab on the Pale Moon for Android start page and scroll to the bottom, there's a link to "Browse all Pale Moon add-ons" - which actually takes you to the Firefox for Android add-on site. I had to request the desktop version of this to select and install extensions (to get around an error warning on the mobile page).

I'll leave someone more knowledgeable to comment on the general security risks.

Just tried this and didn't have any success downloading any add-ons aside from uBlock Origin. Have you gotten other add-ons to work? Specifically HTTPS Everywhere, decentraleyes or a tracking blocker like Privacy Badger?

Baloo wrote:Have you gotten other add-ons to work? Specifically HTTPS Everywhere, decentraleyes or a tracking blocker like Privacy Badger?

I currently run:
Decentraleyes 1.1.3
Self-destructing Cookies 0.4.9
Session Manager 0.8.1.7
uBlock 0.9.5.0.1-let-fixed

Hmm - from Moonchild's post today:

The (ancient) Android version of Pale Moon will be removed (unpublished) from the Play Store. The only way to still get this unsupported version of the browser will be by side-loading the APK from the archives, if you need it. Please note that continuing to use this very old version of the browser bears a considerable security risk.

viewtopic.php?f=1&t=17097

Unfortunate that nobody's come along with the time and skills to revive this. Still my favorite Android browser.